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Patent Application 
IN THE CLAIMS: 

Claim 1. (previously presented) A system comprising: 
a plurality of certificate authorities (CAs) in which each CA 
maintains and distributes digital certificates revoked by itself in 
the form of a certificate revocation list (CRD, and different CAs 
5 may use different CRL distribution mechanisms; 

multiple CRL retrieval agents configured to periodically 
retrieve CRLs at time intervals from different CAs using a plurality 
of CRL retrieval agents based on the CRL distribution mechanisms of 
CAs; 

10 a plurality of CRL databases for storing the consolidated CRLs 

from the multiple CRL retrieval agents and/or the replications of 
CRLs, the CRL databases storing at least one individually 
identifiable revoked digital certificate; and 

a CRL access user interface for providing a uniform set of 

15 Application Program Interfaces for users accessing the CRLs in the 
CRL database, said system enabling consolidation and access of the 
certificate revocation lists (CRLs) from the plurality of certificate 
authorities (CAs) . 

Claim 2- (original) A system according to claim 1, wherein 
said plurality of CRL databases include a central CRL database and a 
plurality of CRL replication databases, said central CRL database for 
storing the consolidated CRLs from the multiple CRL retrieval agents, 
5 and said plurality of CRL replication databases for storing the 
replications of the CRLs of the central CRL database. 

Claim 3. (original) A system according to claim 1, wherein 
said plurality of CRL retrieval agents include a LDAP/CRL retrieval 
agent, for periodically retrieving CRLs from specified LDAP servers 
and updating the CRL databases. 

Claim 4. (original) A system according to claim 1, wherein 
said plurality of CRL retrieval agents include a HTTP/CRL retrieval 
agent, for periodically retrieving CRLs from specified HTTP servers 
and updating the CRL database. 

Claim 5. (previously presented) A system according to claim 1, 
wherein said plurality of CRL retrieval agents include a RFC1424/CRL 
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retrieval agents, for periodically sending Request For Comments 
1424/Certif icate-Revocation List retrieval request and receiving CRL 
5 retrieval reply. 

Claim 6. (original) A system according to claim 1, wherein 
said plurality of CRL retrieval agents include a Http retrieval agent 
triggered by a HTTP request, said Http receiver agent verifies an 
authorization of the requester, if successful, said agent stores each 
5 transmitted CRL in the CRL databases. 

Claim 7. (original) A system according to claim 1, wherein 
said plurality of CRL retrieval agents further verifies the integrity 
and the authenticity of the retrieved CRLs . 

Claim 8. {original) A system according to claim 1, wherein a 
particular replication architecture is used among said plurality of 
CRL databases in order to maintain database consistency. 

Claim 9. (previously presented) A system according to claim 2, 
wherein a hub-and-spoke replication architecture is used among said 
central CRL database and said plurality of CRL replication databases. 

Claim 10. (previously presented) A system according to claim 1, 
wherein said system is also adapted for consolidating and accessing 
at least one kind of revoked certificate list. 

Claim 11. (previously presented) In a secure network 
implemented by digital certificates, a method for certificate 
revocation list (CRL) consolidation and access, wherein a plurality 
of certificate authorities (CAs) maintain and distribute the digital 
5 certificates revoked by themselves in the form of CRLs, and different 
CAs may use different CRL distribution mechanisms, said method 
comprising the steps of: 

periodically retrieving CRLs at time intervals from different 
CAs using a plurality of CRL retrieval agents based on the CRL 
10 distribution mechanisms of CAs ; 

consolidating the CRLs from multiple CAs; 

storing the consolidated CRLs from multiple CRL retrieval 
agents or the replications of CRLs into a plurality of CRL databases, 
the consolidated CRLs including at least one individually 
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15 identifiable revoked digital certificate; and 

accessing the CRLs from the CRL databases by a uniform set of 
Application Program Interfaces. 

Claim 12* (original) A method according to claim 11, said 
plurality of CRL databases include a central CRL database and a 
plurality of CRL replication database, said central CRL database for 
storing the consolidated CRLs from multiple CRL retrieval agents and 
5 said plurality of CRL replication database for storing the 
replications of the CRLs of the central database. 

Claim 13. (previously presented) A method according to claim 
11, wherein said method is also adapted for consolidation and 
accessing all kinds of revoked certificate lists. 

Claim 14. {previously presented) An article of manufacture 
comprising a computer usable medium having computer readable program 
code means embodied therein for causing certificate revocation list 
(CRL) consolidation and access, the computer readable program code 
5 means in said article of manufacture comprising computer readable 
program code means for causing a computer to effect the steps of 
claim 11. 

Claim 15. (original) A computer program product comprising a 
computer usable medium having computer readable program code means 
embodied therein for causing certificate revocation list (CRL) 
consolidation and access, the computer readable program code means in 
5 said computer program product comprising computer readable program 
code means for causing a computer to effect the steps of claim 11. 

Claim 16 - (cancelled) 

Claim 17. (original) A program storage device readable by 
machine, tangibly embodying a program of instructions executable by 
the machine to perform method steps for certificate revocation list 
(CRL) consolidation and access, said method steps comprising the 
5 steps of claim 11. 

Claim 18. (previously presented) A method comprising: 
employing a secure network implemented by digital certificates 
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for certificate revocation list (CRL) consolidation and access, with 
a plurality of certificate authorities (CAs) maintaining and 
5 distributing the digital certificates revoked by themselves in the 
form of CRLs, wherein different CAs may use different CRL 
distribution mechanisms, including the steps of: 

creating a plurality of CRL retrieval agents based on the CRL 
distribution mechanisms of CAs, the retrieval agents configured to 
10 periodically retrieve CRLs at time intervals from the different CAs 
and to consolidate the CRLs from multiple CAs ; 

storing the consolidated CRLs from multiple CRL retrieval 
agents or the replications of CRLs into a plurality of CRL databases, 
the consolidated CRLs including at least one individually 
15 identifiable revoked digital certificate; and 

accessing the CRLs form the CRL databases by a uniform set of 
Application Program Interfaces, 

Claim 19. (original) A program storage device readable by 
machine, tangibly embodying a program of instructions executable by 
the machine to perform method steps for certificate revocation list 
(CRL) consolidation and access, said method steps comprising the 

5 steps of claim 1B\ 

Claim 20* (original) An article of manufacture comprising a 
computer usable medium having computer readable ^ program code means, 
embodied therein for causing certificate revocation list (CRL) 
consolidation and access, the computer readable program code means in 

5 said article of manufacture comprising computer readable program code 
means for causing a computer to effect the steps of claim 18. 

Claim 21. (original) A computer program product comprising a 
computer usable medium having computer readable program code means 
embodied therein for causing certificate revocation list (CRL) 
consolidation and access, the computer readable program code means in 
said computer program product comprising computer readable program 
code means for causing a computer to effect the steps of claim 18. 
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